The global security industry has just approved one of the most profound changes in the infrastructure of internet trust. The CA/Browser Forum, the body that defines the standards used by browsers and certification authorities, confirmed a new timeline that will drastically reduce the validity period of digital certificates. The result: what today is renewed once a year, in a few years will need to be renewed practically every month. The first major impact will arrive in 2026.
The transition will begin to be felt strongly from the beginning of 2026. From February 24, 2026, certificate authorities are limiting the maximum duration of new certificates to 199 days, replacing the current limit of 397 days.
A few weeks later, on March 15, 2026, the industry will formalize a similar standard: a maximum validity period of 200 days for certificates. But the adjustment is not limited to certificate validity. It also impacts the validation processes that support organizations' digital identity:
- Organization validations (OV) will go from 825 to 397 days.
- Domain validation reuse will be reduced to a maximum of 199 or 200 days.
In other words: the entire digital trust cycle is shortened.
As explained by Néstor Markowicz, COO of CertiSur, the impact goes far beyond an administrative change. "This change is not simply a reduction in timelines; it is a structural transformation in the way organizations must manage their digital identity. What could previously be administered manually today requires total visibility, centralized inventory, and automation of the lifecycle. Companies that don't anticipate this will face preventable interruptions in their critical services".
The ultimate goal: 47-day certificates
If the 2026 change seems radical, it is actually just the first step in a much more ambitious process.
The timeline approved by the industry establishes that:
- In March 2027 the maximum validity will drop to 100 days.
- In March 2029 it will be reduced to just 47 days.
Yes: less than two months.
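As an added example (not part of the original article and not CertiSur's tooling), the following Python encodes the approved limits, flags inventory entries whose lifetime exceeds the limit in force when they were issued, and counts issuances per calendar year. It uses the March 15, 2026 industry date for the 200-day step; the 15th of the month for 2027 and 2029, the renewal point at two thirds of the lifetime, and the inventory entries are assumptions made here.

```python
from datetime import date, timedelta

# Phased maximum validity from the article, newest first. The article gives
# only the month for 2027 and 2029; the 15th is an assumption.
SCHEDULE = [
    (date(2029, 3, 15), 47),
    (date(2027, 3, 15), 100),
    (date(2026, 3, 15), 200),
    (date.min, 397),
]

def max_validity_days(issued: date) -> int:
    """Maximum lifetime allowed for a certificate issued on `issued`."""
    return next(days for start, days in SCHEDULE if issued >= start)

def over_limit(inventory):
    """Names of entries whose lifetime (in whole days) exceeds the limit
    that applies on their notBefore date."""
    return [name for name, not_before, not_after in inventory
            if (not_after - not_before).days > max_validity_days(not_before)]

def renewals_per_year(first_issue: date, until: date):
    """Issue at the maximum lifetime, renew once two thirds of it has
    elapsed (assumed policy), and count issuances per calendar year."""
    counts, issued = {}, first_issue
    while issued < until:
        counts[issued.year] = counts.get(issued.year, 0) + 1
        lifetime = max_validity_days(issued)
        issued += timedelta(days=lifetime * 2 // 3)
    return counts

# Constructed inventory: (name, notBefore, notAfter)
INVENTORY = [
    ("www.example.test",  date(2025, 6, 1),  date(2026, 7, 3)),   # 397 days
    ("api.example.test",  date(2026, 4, 1),  date(2027, 4, 1)),   # 365 days
    ("mail.example.test", date(2027, 3, 15), date(2027, 9, 30)),  # 199 days
    ("vpn.example.test",  date(2029, 4, 1),  date(2029, 5, 18)),  # 47 days
]

if __name__ == "__main__":
    print("over limit:", over_limit(INVENTORY))
    for year in (2025, 2028, 2030):
        print(year, renewals_per_year(date(year, 1, 1), date(year + 1, 1, 1)))
```
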
The 47-day figure is not arbitrary. Sector specialists calculated that 47 days allow for an operational cycle composed of 31 days (one month), plus 15 additional days and one day of technical margin, a period designed to force constant rotation without breaking automated workflows. By that time, moreover, the reuse of domain validation information will be even shorter: barely 10 days. This means that, although it would technically still be possible to manage certificates manually, doing so would become increasingly risky. In fact, several ecosystem experts already warn that attempting to sustain these processes without automation will be practically a guarantee of failures and service outages.
Why the industry wants shorter and shorter certificates
The drive behind this transformation comes mainly from the technology giants of the web ecosystem. Apple led the initial proposal and quickly received the support of Google.
The argument is straightforward: the information contained in certificates becomes less reliable over time. The longer the validity period, the larger the risk window. Shortening the cycles makes it possible to:
- Revalidate identities more frequently.
- Reduce the impact of compromised keys.
- Implement new cryptographic technologies faster.
Additionally, the current certificate revocation system, based on protocols such as CRL and OCSP, has proven to be imperfect. In many cases, browsers don't even consult these revocation lists for performance reasons.
Drastically reducing the useful life of certificates becomes a structural solution: if a certificate lasts a short time, the potential damage does too.
Automation ceases to be optional
The immediate consequence of this new scenario is clear: manual certificate management is coming to an end.
In its original proposal, Apple was explicit about this: shortening validity cycles seeks to send a clear message to the industry. The only viable way to operate in this new context is through complete automation of the certificate lifecycle. CertiSur recommends that organizations begin reviewing their internal processes as soon as possible, identifying all certificates in use (many of them invisible to IT teams) and moving toward automatic discovery, centralized inventory, and automated renewal. The good news is that this change will not necessarily entail greater direct costs per issuance. Most providers already work with annual subscription models, regardless of how many times the certificate is reissued.
The real challenge will be technological
"The conversation is no longer about the cost of the certificate, but about operational risk", concludes Markowicz. "When we talk about 47-day cycles, any manual management is a guarantee of human error. Automation, continuous discovery, and integration with infrastructure environments are today the only way to ensure business continuity and minimize risk".
Ultimately, the change ahead is not just technical. It is cultural. And for many organizations, it will mark the moment when digital identity management stops being an administrative task and becomes a critical piece of business resilience in the era of automated infrastructure.